See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/241849825

An introduction to computer viruses: Problems and solutions

Article  in  Library Hi Tech News · September 2012

DOI: 10.1108/07419051211280036

CITATIONS READS

3 36,765

1 author:

Imran Khan
Zakir Husain Delhi College (University of Delhi), New Delhi
28 PUBLICATIONS   28 CITATIONS   

SEE PROFILE

All content following this page was uploaded by Imran Khan on 27 August 2014.

The user has requested enhancement of the downloaded file.

Library Hi Tech News
Emerald Article: An introduction to computer viruses: problems and
solutions
Imran Khan

Article information:
To cite this document: Imran Khan, "An introduction to computer viruses: problems and solutions", Library Hi Tech News, Vol. 29
Iss: 7 pp. 8 - 12
Permanent link to this document:
http://dx.doi.org/10.1108/07419051211280036
Downloaded on: 01-10-2012
References: This document contains references to 5 other documents
To copy this document: permissions@emeraldinsight.com

Access to this document was granted through an Emerald subscription provided by Emerald Author Access

For Authors:
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service.
Information about how to choose which publication to write for and submission guidelines are available for all. Please visit
www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
With over forty years' experience, Emerald Group Publishing is a leading independent publisher of global research with impact in
business, society, public policy and education. In total, Emerald publishes over 275 journals and more than 130 book series, as
well as an extensive range of online products and services. Emerald is both COUNTER 3 and TRANSFER compliant. The organization is
a partner of the Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive
preservation.
*Related content and download information correct at time of download.
 An introduction to computer viruses: problems
and solutions
Imran Khan
Introduction
The development of large-scale
complex campus networks needs to be
concerned with network security so
that the campus network remains stable.
In today’s information age, the pool of
information available continues to expand
logarithmically. Digital information has
transformed the way we create, transmit,
store, process and manipulate
information. All the electronic resources
and information are being stored in
computer systems for their retrieval and
dissemination. In today’s highly computer
dependant environment, computer
security is a major concern. The security
of computers is routinely threatened by
malicious programs such as computer
viruses, Trojan horses, worms and the like.
Once computers are infected these
programs may have the ability to
damage expensive computer hardware,
destroy valuable data, tie up limited
computing resources or compromise the
security of sensitive information. People
accumulate data from many sources using
various available electronic storage
devices such as USB drives, CD/DVD-
ROMs, etc. and then store the data on their
computers. Many people are not fully
computer literate and may be unaware of
the latest virus threats. When users move
or copy data from computer to computer
viruses can be transmitted via computer
systems, an internal network or the
internet. Once a computer system gets
infected with a virus, the data stored in it
becomes insecure and the system
becomes a source of infection to other
systems during the transfer of data.
Computer viruses and related
malware
A computer virus is a computer
program that can replicate itself and
infect a computer. The term “computer
8 Library Hi Tech News Number 7 2012, pp. 8-12, q Emerald Group Publishing Limited, 0741-9058, DOI 10.1108/07419051211280036
virus” is also commonly but erroneously
used to refer to other types of malware,
adware, and spyware programs that do
not have this reproductive ability.
Malware includes worms, Trojans,
most rootkits, spyware, dishonest
adware, crimeware, and other
unwanted software, including true
viruses. Viruses are sometimes
confused with computer worms and
Trojan horses, which are technically
different. A worm can exploit security
vulnerabilities to spread itself to other
computers through networks, while a
Trojan is a program that appears
harmless but hides malicious functions.
Worms and Trojans, like viruses, may
harm a computer system’s data or
performance. A true virus can only
spread from one computer to another
(in some form of executable code) when
its host is taken to the target computer;
for instance because a user sent it over
a network or the internet, or carried it
on a removable medium such as a
floppy disk, CD, DVD, or USB drive.
Transmission of viruses can increase by
infecting files on a network file system
or a file system that is accessed by
another computer. Computer viruses
were labeled as viruses because of the
fact that they are similar to biological
viruses in the aspect of multiplying
themselves. Similarly they find a host
and then infect and multiply themselves.
However, in both cases there must be a
cause in order for the problem to begin.
Some viruses and other malware have
symptoms noticeable to the computer
user, but many are surreptitious and go
unnoticed.
There are different types of computer
viruses and each type has their own
unique features that differentiate
themselves from one another. Among
the different types of viruses the most
familiar ones are computer-based
viruses and internet-based viruses.
There are many subtle and obvious
distinctions that set the different types of
computer viruses apart from one
another. Some of the more typical
viruses are described below.
“Resident viruses” exist in a
computer’s volatile memory (RAM).
From there it can overcome and
interrupt all of the operations executed
by the system like corrupting files and
programs that are opened, closed,
copied, renamed, etc. Examples of this
type of virus include Randex, CMJ,
Meve, and MrKlunky.
Multipartite viruses are distributed
through infected media and usually hide
in the memory. Gradually, the virus
moves to the boot sector of the hard
drive and infects executable files on the
hard drive and later across the computer
system.
“Direct action viruses” replicate and
take action when executed. When a
specific condition is met, the virus
comes into action and infects files in
the directory or folder that it is in and in
directories that are specified in the
AUTOEXEC.BAT file PATH. This
batch file is always located in the root
directory of the hard disk and carries out
certain operations when the computer is
booted.
“Overwrite viruses” are characterized
by the fact that they delete the information
contained in the files that it infects,
rendering them partially or totally
useless once they have been infected.
The only way to clean a file infected by
an overwrite virus is to delete the file
completely, thus losing the original
content. Examples of this virus include
Way, Trj.Reboot, Trivial.88.D.
“Boot sector viruses” affect the boot
sector of a floppy, USB or hard disk
drive. This is a crucial part of a disk, in
which information on the disk itself is
stored together with a program that
makes it possible to boot (start) the
computer from the disk. Examples of
boot sector viruses include Polyboot.B,
AntiEXE.
“Macro viruses” infect files that are
created using certain applications or
programs that contain macros. The
different ways to create macros would
be the macro recorder or Visual Basic
for Applications. Macro Virus uses the
macro language for its program.
Microsoft Office has macros built into
its application and this virus affects so
most of its application programs. Word
Documents, Excel Spreadsheets, Power
Point Presentations, and Access
Databases are most at risk. The
document template is affected and
hence every file that is opened is
affected. Some macro viruses contain a
trigger that is usually a date on which
the virus is programmed to start the
actual damage. Some other macro
viruses share the characteristics of a
computer worm by spreading across
networks by using the macro facility
available in Microsoft Outlook.
Examples of macro viruses are Relax,
Melissa.A, Bablas, O97M/Y2K.
“Directory viruses” change the paths
that indicate the location of a file. By
executing a program (file with the
extension. EXE or .COM) that has
been infected by a virus, one may
unknowingly be running the virus
program, while the virus has previously
moved the original file and program.
Once infected, it becomes impossible to
locate the original files.
“Polymorphic viruses” encrypt or
encode themselves in a different way
(using different algorithms and
encryption keys) every time they
infect a system. This makes it
impossible for less sophisticated
antivirus software to find them using
string or signature searches (because
they are different in each encryption)
and also enables them to create a large
number of copies of themselves.
Examples of this type include Elkern,
Marburg, Satan Bug, and Tuareg.
“File infectors” are viruses that
infect programs or executable files
(files with an .EXE, .DRV, .DLL,
.BIN or .COM extension). When one
of these programs is run, directly or
indirectly, the virus is activated,
producing the damaging effects it is
programmed to carry out. The majority
of existing viruses belongs to this
category, and can be classified
Library Hi Tech News Number 7 2012
depending on the actions that they
carry out. The virus may completely
overwrite the file that it infects, or may
only replace parts of the file, or may not
replace anything but instead rewrite the
file so that the virus is executed rather
than the program the user intended.
The “encrypted virus” is probably the
most difficult kind of bug to detect and
the most difficult to stop. One may
accidentally have downloaded one of
these bugs and before knowing it; the
entire computer can be infected. Many
top virus protection programs miss
encrypted viruses because these bugs
use a different form of encryption every
time. In most cases virus protection
software can then identify and prevent
damage.
“Companion viruses” have the name
because once they get into the system
they “accompany” the other files that
already exist. In other words, in order to
carry out their infection routines,
companion viruses can wait in memory
until a program is run (resident viruses)
or act immediately by making copies of
themselves (direct action viruses).
Some examples of this type include
Stator, Asimov.1539, and Terrax.1069.
“Network viruses” rapidly spread
through a local area network (LAN),
and sometimes over the internet.
Generally, network viruses multiply
through shared resources, i.e. shared
drives and folders. When the virus
infects a computer, it searches through
the network to attack new potential
prey. When the virus finishes infecting
a computer, it moves on to the next and
the cycle repeats itself. The most
dangerous network viruses are Nimda
and SQLSlammer.
“Nonresident viruses” are similar to
resident viruses as they use the
replication of a computer module.
These viruses selects one or more files
to infect each time the module is
executed.
“Stealth viruses” try to trick
antivirus software by intercepting its
requests to the operating system. It has
the ability to avoid detection from some
antivirus software programs.
“Sparse infectors” minimize the
probability of being discovered by
various means such as only infecting
every 20th time a file is executed; only
infecting files whose lengths are within
narrowly defined ranges or whose
names begin with letters in a certain
range of the alphabet.
“Spacefiller (cavity) viruses”, install
themselves within the empty spaces of
the code of the code of some programs
while not damaging the actual program
itself. An advantage of this is that the
virus then does not increase the length
of the program and can avoid the need
for some stealth techniques. The Lehigh
virus is an early example of a spacefiller
virus.
“FAT viruses” use the file allocation
table or FAT part of a disk used to
connect information and is vital to
normal functioning of the computer.
This type of virus attack can be
especially dangerous, by preventing
access to certain sections of the hard
drive where important files are stored.
Damage caused can result in
information losses from individual files
or even entire directories.
“Worms” are technically not viruses,
but they have the ability to self-
replicate, and can lead to negative
effects on the computer system but
usually they are detected and eliminated
by antiviruses. Clicking on an infected
e-mail usually transmits worms.
Examples of worms include
PSWBugbear.B, Lovgate.F, Trile.C,
Sobig.D, Mapson.
“Trojans or Trojan horses” are
malicious codes (not viruses) as they
do not reproduce by infecting other files,
nor do they self-replicate like worms.
A Trojan horse program has the
appearance of having a useful and
desired function. While it may
advertise its activity after launching,
this information is not apparent to the
user beforehand. Secretly, the program
performs other undesired functions.
Trojan horses may cause data
destruction or compromise a system by
providing a means for another computer
to gain access, thus bypassing normal
access controls. Trojan horse attacks are
one of the most serious threats to
computer security as they can be
spread in the guise of literally
anything, which makes it almost
essentially impossible to notice them,
even when one is looking specifically
for them.
“Logic bombs” are also not viruses
but rather camouflaged segments of
other programs. Their objective is to
destroy data on the computer once
certain conditions have been met. Logic
9
bombs go undetected until launched, and
the results can be devastating. Some
examples are a logic bomb that deletes
one’s photos on Halloween, or a one that
deletes a database table if a certain
employee is fired.
“E-mail viruses” move around via
e-mail messages and replicate by
automatically mailing themselves to as
many people as possible through the use
of e-mail messaging.
“Spyware” is designed to intercept
or take partial control of a computer’s
operation. Basically, it is a program that
is able to watch what users are doing
with their computer and then send that
information over the internet. Spyware
consists of lots of computer programs
that are able to attach themselves to the
operating system in nefarious ways, and
that can destroy the power of the
computer’s processing system.
A “rootkit virus” is an undetectable
virus that attempts to allow someone
else to gain control of a computer
system. The term rootkit comes from
the Linux administrator root user.
These viruses are usually installed by
Trojans and are normally disguised as
operating system files.
“Secret viruses” make changes to the
files on a computer, or completely
replace files, but then try to trick the
computer and the antivirus program into
thinking that the originals are being
used. Most advanced virus protection
programs can stop these common
viruses dead in their tracks.
“Time delay viruses” take a much
slower, more disciplined path towards
ruining the computer. Instead of
instantly trying to take over the
computer the moment one downloads
them, they wait and slowly infect files
bit by bit. One may not have been
online for days but then suddenly finds
the computer has become infected.
These viruses can be kept under
control by running virus protection
software every few days.
“Antivirus viruses” attack the pre-
installed antivirus program in hopes of
disabling it so that other viruses can be
downloaded. This is a major reason many
people have a virus protection program
as well as a separate anti-spyware or anti-
malware program on their computers.
“Multi-headed viruses” attach
themselves to .exe files on a computer,
but it also affects the computer’s start
10
up so that the virus runs automatically
every time one turns on the computer.
“Misdirection viruses” contain a built
in sub-program that is made to give false
readings to the virus protection software.
One may think that the computer has a
bug in one directory, when, in fact, the
virus is busy harming the computer in a
whole other area.
The “cloning virus”, when
downloaded, quickly creates duplicates
for.exe files on the computer system,
hoping that one may click on one when
really meaning to click on a healthy
program already present on the
computer system.
The “author virus” finds an.exe file
and actually deletes and rewrites code
so that the program is changed. Few
common computer viruses run this way
since the level of virus needs to be so
sophisticated.
The “Bad Penny virus” was the first
computer virus to ever hit the internet.
This is a bug that automatically passes
itself on to everyone on a LAN or on the
internet unless something stops it.
Firewalls were invented specifically
because of this virus.
The “rewriting virus” rewrites some
of the most needed files on a computer
system, as well as fills up the hard drive
with all sorts of invisible files one could
not normally see.
The “Melissa virus” affects both PC
and Mac users by automatically
emailing itself to other people without
permission. It can be extra harmful
while using a private mail server at a
workplace.
The “browser hijacker” can spread
itself in numerous ways and effectively
hijacks certain browser functions,
usually in the form of redirecting the
user automatically to particular sites.
It is usually assumed that this tactic is
designed to increase revenue from web
advertisements. There are a lot of
such viruses, and they usually have
“search” included somewhere in their
description. CoolWebSearch may be the
most well known example, but others
are nearly as common.
“Web scripting viruses” become part
of executable complex computer code
in order to provide interesting content.
Although malicious sites are sometimes
created with purposely-infected code,
many such cases of virus exist because
of code inserted into a site without the
webmaster’s knowledge.
Symptoms of virus infection on
computer
The following are some primary
indicators that a computer may be
infected with a virus:
.
The computer runs slower than usual.
.
The computer stops responding, or
it locks up frequently.
.
The computer crashes, and then it
restarts every few minutes.
.
The computer restarts on its own.
Additionally, the computer does
not run as usual.
.
Applications on the computer do
not work correctly.
.
Disks or disk drives become
inaccessible.
.
Items do not print correctly.
.
Unusual error messages start
displaying.
.
Menus and dialog boxes are seen in
distorted form.
.
There is a double extension on an
attachment that is recently opened,
such as a .jpg, .vbs, .gif, or .exe.
.
An antivirus program is disabled for
no reason. Additionally, the antivirus
program cannot be restarted.
.
An antivirus program cannot be
installed on the computer, or the
antivirus program will not run.
. New icons appear on the desktops
that have not been put there, or the
icons are not associated with any
recently installed programs.
.
Strange sounds or music plays from
the speakers unexpectedly.
.
A program disappears from the
computer even though it has not
been intentionally removed.
.
Out-of-memory error messages are
received even though the computer
has sufficient RAM.
.
A partition of the hard drive
disappears.
.
Windows Task Manager is unable
to started.
Symptoms of worms and Trojan
horse viruses in e-mail messages
When a computer virus infects
e-mail messages or infects other files
on a computer, the following symptoms
may be noticed:
.
The infected file may make
copies of itself. This behavior may
Library Hi Tech News Number 7 2012
 use up all the free space on the hard
disk.
.
A copy of the infected file may be
sent to all the addresses in an e-mail
address list.
.
The computer virus may reformat
the hard disk. This behavior deletes
files and programs.
.
The computer virus may install
hidden programs, such as pirated
software that may then be
distributed and sold from the
computer.
.
The computer virus may reduce
security that can enable intruders to
remotely access the computer or
the network.
.
An e-mail message with a strange
attachment is received. When the
attachment is opened, dialog boxes
appear, or a sudden degradation in
system performance occurs.
.
People complain that they have
recently received e-mail messages
from a person that contained
attached files, which the person
did not send. The files that are
attached to the e-mail messages
may have extensions such as .exe,
.bat, .scr, and .vbs.
Symptoms of spyware
When spyware affects a computer,
the following may result:
.
Slow internet connection.
. Changing web browser’s home
page.
.
Loss of internet connectivity.
.
Failure to open some programs,
including security software.
.
Unable to visit specific web sites,
which may include redirecting to
other sites.
Preventive measures for data safety
and avoid virus infections
Prevention is the best remedy for
avoiding virus infections and threats.
A virus can compromise personal
information and even destroy a
computer completely. It becomes a
major hazard and security risk for
huge databases stored and used
libraries on their servers. There are
many low cost measures, which may
Library Hi Tech News Number 7 2012
help in protecting and staying one step
ahead of the hackers.
“Keep regular backup of data” is
highly recommended to avoid losing it.
Avoid using unknown USB drives.
When data is copied from a computer
that is infected with a virus and
transferred to the other computer, it
may cause virus infection in that
computer too. Therefore, it is always
advisable that the USB drives should be
scanned for viruses before copying their
data to a computer system.
Install a reliable antivirus program.
Even if the computer is not hooked up to
the internet, a reliable antivirus program
is low cost and makes common sense.
Some antivirus programs are free and
work almost as well as industry giants
such as Norton and McAfee.
Install anti-spyware and anti-
malware programs. Many of the top
anti-spyware programs are completely
free. Spybot Search and Destroy and
CCleaner are just two free programs that
can help prevent computer viruses. As
helpful as these programs are, one must
update them and run them on a regular
basis to do any good.
Avoid suspicious web sites. A good
virus protection program alerts while
visiting a web site that attempts to install
or run a program on the computer.
Never open e-mail attachments
without scanning them first. The most
common way by which viruses are
spread throughout the internet is still
via e-mail. Some attachments, like
pictures, now display in e-mails and
do not require an attachment to be
manually opened, but other documents
do. One should make sure that they
are using an e-mail client that scans all
e-mail attachments beforehand.
Set up automatic scans. Many of
the top antivirus programs, as well as
the best anti-spyware programs, have
settings that let them automatically run
during down times or in the middle of
the night. Of course, the computer must
be on for this to happen, but having
daily scans run when nothing else is
going on is a great way to prevent even
the latest computer viruses from
sticking around too long.
Watch the downloads. Downloading
music, movies and other items are so
massive that it may be easy to sneak a
virus along for the ride. These files
should be downloaded from trusted
sites, or, at the very least, should be
scanned before opening them.
Installing regular updates. There is
a reason why Windows has a
feature called critical updates. There is
an entire branch of Microsoft dedicated
to staying one step ahead of the
hackers so when they manage to fix a
possible security loophole, one needs
to download the patch right away. Help
Microsoft help you prevent computer
viruses from causing too much trouble.
Know what to look for. Even casual
computer users should have an idea of
how the computer operates, what
normal pop up windows look like and
what popular viruses are out there.
Stay away from cracked software. It is
so secret that one can download illegal,
cracked versions of some programs
online. As tempting as it may be, these
files are almost always infested with
advanced and difficult to detect malware.
Therefore, one should play it safe and get
software from a trusted source.
Install a firewall. A firewall is a
program that screens incoming internet
and network traffic. Along with the
virus program, it can help prevent
unauthorized access to the computer.
Be prepared to lock down. If one hears
of a virus that is spreading like wildfire
through the internet, make an extra effort
to be careful. Do not open any suspicious
e-mail or accept any downloads for a
week or two until the virus protection
program has been updated.
FURTHER READING
Al-Daoud, E., Jebril, I.H. and Zaqaibeh, B.
(2008), “Computer virus strategies and
detection methods”, International Journal
of Open Problems in Computer Science and
Mathematics (IJOPCM), Vol. 1 No. 2,
pp. 29-36.
Mustafa, F. and Khan, I. (2008), “Automation
of Jamia Hamdard (Hamdard University):
a case study of HMS Central Library”, ILA
Bulletin, Vol. 44 Nos 3/4, pp. 24-7.
Stibor, T. (2010), “A Study of detecting
computer viruses in real-infected files in the
n-gram representation with machine learning
methods”, Proceedings of the 23rd
International Conference on Industrial
Engineering and other Applications of
Applied Intelligent Systems (IEA/AIE’10),
Vol. 1, Springer, Berlin, pp. 509-19.
Wang, J. and Liu, X. (2011), “Computer
network security of university and
preventive strategy”, Proceedings of IEEE
11
3rd International Conference on
Communication Software and Networks
(ICCSN), Xi’an, May, pp. 143-5.
Zhen, Y. (2010), “Security of library
information system under the network
environment”, Proceedings of 3rd
International Conference on Advanced
Computer Theory and Engineering (ICACTE
2010), Chengdu, China, Vol. 4, pp. 127-9.
Web sites
http://flyunity.net/antivirus/computer-
viruses-and-preventive-measures/
www.pcsecurityalert.com/pcsecurityalert-
articles/what-is-a-computer-virus.htm
www.pcsecurityalert.com/pcsecurityalert-
articles/different-types-of-computer-
viruse.htm
www.pcsecurityalert.com/pcsecurityalert-
articles/computer-virus-prevention.htm
12
View publication stats
http://support.microsoft.com/kb/129972
www.makeuseof.com/tag/types-computer-
viruses-watch/
http://antivirus-software.topchoicereviews.
com/11-ways-prevent-computer-viruses_
258.html
www.secureurpc.com/secureurpc-articles/
types-of-computer-viruses.php
www.secureurpc.com/secureurpc-articles/
types-of-viruses.php
http://files-recovery.blogspot.com/2010/
06/20-common-types-of-computer-
viruses-and.html
www.microsoft.com/security/antivirus/
whatis.aspx
www.pcguide.com/care/data/virus/
bgTypes-c.html
www.buzzle.com/articles/different-types-
of-computer-viruses.html
www.topbits.com/types-of-computer-
viruses.html
www.isoftwarereviews.com/types-of-
computer-viruses/
www.cknow.com/cms/vtutor/types-of-
viruses.html
Imran Khan (ikhanjh@gmail.com;
ikhan@jamiahamdard.ac.in), SPA and
In-charge, Membership, Networking &
IT Applications Division, HMS Central
Library, Jamia Hamdard (Hamdard
University), New Delhi, India.
Library Hi Tech News Number 7 2012